[BreachExchange] Fragomen, a law firm used by Google, confirms data breach

[Destry Winant]

https://techcrunch.com/2020/10/26/fragomen-data-breach-google-employees/

Immigration law firm Fragomen, Del Rey, Bernsen & Loewy has confirmed
a data breach involving the personal information of current and former
Google  employees.

The New York-based law firm provides companies with employment
verification screening services to determine if employees are eligible
and authorized to work in the United States.

Every company operating in the United States is required to maintain a
Form I-9 file on every employee to ensure that they are legally
allowed to work and not subject to more restrictive immigration rules.
But Form I-9 files can contain a ton of sensitive information,
including government documents like passports, ID cards and driver’s
licenses, and other personally identifiable data, making them a target
for hackers and identity thieves.

But the law firm said it discovered last month that an unauthorized
third-party accessed a file containing personal information on a
“limited number” of current and former Google employees.

In a notice with the California attorney general’s office, Fragomen
did not say what kind of data was accessed or how many Google
employees were affected. Companies with more than 500 California
residents affected by a breach are required to submit a notice with
the state’s attorney general’s office.

Michael McNamara, a spokesperson for Fragomen, declined to say how
many Google employees were affected by the breach.

A spokesperson for Google did not respond to a request for comment.